Category Archives: Whitepapers

The true power of ERP Maestro™ Access Analyzer® lies in its reporting abilities for Segregation of Duties (SoD) and Sensitive Access conflicts. Each report is designed to help users make decisions regarding conflict risks that will facilitate and accelerate remediation. This is an overview of the five key reports used to detect potential conflict risks when monitoring and auditing SAP access.

Read more by downloading the entire whitepaper or contact us for more information or a demo:

In most organizations utilizing ERP systems, the segregation of duty (SoD) controls necessary to prevent fraud and pass corporate audits is managed through unreliable, manually-built tools. Manual management of access controls is a resource-draining and expensive process that is prone to human error and doesn't guarantee compliance – or resolution of risks.

ERP Maestro™ Access Analyzer® automates SoD access controls in a cloud-delivered subscription service. Users can expedite the identification of their access control conflicts, remediate internal control violations quickly and become compliant without the need for large capital projects.

Read more by downloading the entire whitepaper or contact us for more information or a demo:

If appropriate detective controls are in place, what are you doing to prevent those risks from creeping back? Emergency Access Controls and Secure Provisioning are two essential parts of ERP Maestro's access controls suite. These features leverage automated workflows to save your team time and prevent potential access risks from occurring in the first place, keeping your organization compliant with external auditors.

Read more by downloading the entire whitepaper or contact us for more information or a demo:

Security Administrators Get the Data They Need When They Need It

AT A GLANCE

Streamline Authorization Requests and Eliminate Research Headaches

Authorization Help from Security Weaver reduces the time and energy security administrators spend to resolve access issues. Authorization Help enables both IT teams and end users to be more productive because it automatically captures and shares contextual information, determines the most appropriate roles to be assigned to users, and recommends to both IT and end users peers and model users who currently have the required access.

KEY BENEFITS

Increased Productivity: Authorization Help dramatically reduces the frequency of issues and the time needed to resolve them by capturing relevant information, including both error messages and user activities, and then recommending courses of action to both security administrators and end users. Rich data automatically collected and consistently formatted allows for faster identification of the exact access issue and less disruptive communication between IT and users.

Improved User Satisfaction: Too often security policies delay operations. Authorization Help recommends peers in the user's department who have the necessary access, allowing users to get pressing work done in parallel with having their access request processed. Authorization Help is also intelligent enough to hide peer recommendations when the request would constitute a segregation of duties (SOD) conflict or sensitive access.

Improved Role Design and Reuse: Authorization Help's model user identification and role recommendations allow administrators to quickly determine if there is an existing role that would appropriately solve an access issue. These recommendations, coupled with the robust data automatically collected by Authorization Help, increase role reuse, reduce testing issues, and facilitate role design improvements.

Download the entire whitepaper or contact us for more information:

Reduce the time, complexity, and costs of authorization testing

AT A GLANCE

Efficiently address authorization issues before they get into production

Validation Workbench from Security Weaver reduces the time it takes to test authorizations and roles while simultaneously improving control over access in production systems. It is an ABAP solution that runs within the SAP environment and thus requires no additional hardware, middleware, or special maintenance skills.

ELIMINATE PAIN

Avoid the tedious and time-wasting requirements associated with authorization testing

Access issues can be showstoppers for a business and can determine how users judge the quality of IT. Because complex role designs and missing role assignments are often the reasons behind access issues, they are on the critical path for solving access-related problems.

However, because role designs and assignments are considered configuration items, any changes to them need to follow a proper release process, regardless of the time required. For those IT teams who wish to minimize highly visible access issues, authorization testing is mandatory.

However, testing is expensive and can create its own challenges. For example, even before authorizations and roles can be tested, a test environment must be created. This requires creating test user accounts across systems, establishing passwords that must be changed by testers, and then remembered, reset, and synchronized across systems throughout the testing period. Further challenges arise because of the constant need for communication and coordination between IT operations teams, security teams, and the end users doing the testing. Communication and coordination are hindered, schedules delayed, and tests skipped because of the inevitable ambiguity of what is in scope to be tested, the tediousness of some tests, and the lack of a single repository for reporting status and capturing issues.

Read more by downloading the entire whitepaper or contact us for more information or a demo:

There are probably a million things SAP customers can do wrong, when it comes to SAP security.

I have collected the most critical mistakes my team has observed in SAP penetration testing projects over the past 10 years. Here is the definitive list of the most deadly sins:

1. Hard-coded SAP* user active

The moment a malicious user gets a network connection to a login mechanism of your SAP system (e.g. SAP GUI, BSP, Web Dynpro, RFC), he can log in with the hard-coded username (‘SAP*’) and password (‘PASS’), gaining SAP_ALL privileges and full control of the SAP system.

Continue reading: 9 deadly sins in SAP Security

Free SAP-Certified Vulnerability Scan

SAP platforms are one of the highest priority targets for cyber-criminals and intruders. Many organizations are already taking proactive steps to secure their platforms by performing security assessments to identify and mitigate vulnerabilities.

Onapsis, in conjunction with Davatec Consulting, is offering a free, one time, one instance vulnerability scan of your SAP environment using Onapsis X1, the industry’s first SAP-certified solution for the automated security assessments of SAP platforms. Utilizing the results from the scan will allow you to gain visibility into the challenge your organization is facing when securing SAP platforms.

In order to better serve specific business requirements, SAP standard solutions are often enhanced with custom applications. In many industries, the proportion of proprietary developments in SAP systems averages more than twenty-five percent, provided either by internal IT specialists or third-party companies.

Whether SAP applications are at the heart of your business or it is your business to develop SAP add-on applications, you need to both ensure that business critical processes and sensitive data remain safe, and reduce the risk of security breaches or data loss whilst meeting compliance rules and standards.

Download the brochure: Ensuring the Security and Quality of Custom SAP Applications

Download the entire whitepaper or contact us for more information:

Segregation of duties (SoD), as a security principle, is designed primarily to prevent fraud and errors. This objective is achieved by disseminating tasks and associated privileges for a specific business process among multiple users. A common example of this principle is requiring two signatures to validate a cheque.

For several years, the Auditing and IT Security industries have considered that the deployment of SoD controls was enough to enforce the security of SAP systems. Therefore, today when many professionals refer to the term 'SAP Security', they are only discussing the processes of creating and managing the SAP roles and profiles which are assigned to an organization’s users to restrict their activities over the business information.

While this kind of control is of absolute importance to the overall security of the SAP landscape, there are many other threats that are overlooked and involve much higher levels of risk: the security vulnerabilities in the technological components that build up SAP platforms (business runtime).

According to a study conducted by the CERT Coordination Center at Carnegie Mellon University, 99% of intrusions result from two factors: exploitation of known vulnerabilities (for which there are patches or corrective countermeasures) and configuration errors.

While SAP rapidly reacts to newly discovered security weaknesses through patches and provides security guidelines to configure systems securely, many organizations still face a tough time keeping all of their business-critical platforms protected against these threats.

Download the entire whitepaper or contact us for more information:
